South Staffs Water victim of Clop attack

South Staffordshire Plc, the parent company of utilities Cambridge Water and South Staffordshire Water, has assured its 1.6 million customers that following an apparent Clop (aka Cl0p) ransomware attack, Their water supply is safe confirming that the gang appears to have falsely claimed to be against a completely different group.

The attack took place on Monday, August 15, but it was discovered Security researcher Daniel Card, who attributed the breach on Clop’s darknet leaks site, said the gang appeared to believe it was attacking and extorting Thames Water, which serves properties in London and south-east England.

Writing, it’s unclear how the gang managed to misidentify Victim’s, but unfortunately its false attribution is picked up by

and run express

, although the tabloids have retracted the misinformation. Screenshot shared with Computer Weekly by security researchers at Searchlight In it, Klopp slammed Thames Water, accusing it of malpractice and encouraging clients to sue it. It claims to have been in the company’s systems for months and has contacted victims and asked for money, but “they have no interest in fixing it”, which is unsurprising given the gang did not invade Thames water. It says: “Clop is not a political organization, we Not attacking critical infrastructure or health organizations. We decided not to encrypt this company, but we showed them that we have access to 5TB more data. Each system includes SCADA and these systems that control chemicals in water. If you’re shocked , that’s fine.”

If the gang does this as it The ability to control the chemical composition of water, as the statement implies, suggests it may have access to South Staffordshire’s operational technology (OT) systems and its IT.

In a statement, South Staffordshire confirmed It was the victim of a “criminal cyber attack”, although it was not explicitly stated, the name Clop.

“As you might expect, one of our priorities is to continue to maintain a safe public water supply,” a spokesperson said. “This incident has not impacted our ability to provide safe water and we can confirm that we are still providing safe water to all our Cambridge Water and South Staffs Water customers.

“Thanks to the strong system and control of water supply and quality that we always have, and the fast work of our team members to deal with this incident and implement the additional measures we have already taken on a preventive basis.

“Our corporate IT network is experiencing an outage and our team We are working hard to resolve this issue as soon as possible. It is important to stress that our customer service team is operating as usual.

“We are working closely with the relevant government and regulators and will continue to update them and our customers as we investigate. ” Thames Water Company spoke The person said: “We are aware of media reports that Thames Water is facing a cyber attack. We want to assure you that this is not the case, and we apologize if the report has caused distress.

“As providers of essential services, we take our security of your network and systems and focus on protecting them so we can continue to provide you with the service and support you need from us.”

Ian Parsons, Cyber ​​Threat Intelligence Analyst at Bridewell, commented: “With much of the UK facing drought, any disruption to water utility services is likely to Far-reaching impact. While ransomware operators are not the only targets, this makes the incentive to pay any ransom demands more likely.

“State actors cannot be ruled out, especially since previous attacks on water supplies have been linked to sophisticated threat actors. The destruction of the nation’s critical infrastructure is an attractive target for nation-state groups. However, in this case it is less likely.

“Our critical national infrastructure has been attacked multiple times Recent research by [CNI 2022] and Bridewell shows that the utilities sector remains a highly targeted CNI sector in the UK.”

Parsons said it was clear that any exploitable vulnerability in the water system would pose a significant threat to public health and safety, making it even more important for water companies to do their best to ensure safety.

“While security teams and engineers are managing complex security Well done ecosystem, the problem is that many of the systems in use today prioritize efficiency over security,” he said. “To successfully drive cybersecurity improvements, operators face the challenge of maintaining system uptime while undertaking complex operational and technical upgrades.

“To build cyber resilience, organizations should implement a robust cybersecurity transformation process, using the NCSC’s Cyber ​​Assessment Framework and NIS regulations as guidance. By combining best practices with modern technologies such as threat intelligence to plan for modern adversaries, utility providers can increase their confidence and effectiveness against such threats. Ed Macnair, CEO of Censornet, added: “Preventing sensitive data and intellectual property from leaking into the hands of cybercriminals is critical to ensuring a safe water supply, especially during droughts. Attackers are always looking for ways to cause maximum damage, damage, and of course, gain access to valuable personal information. They are increasingly taking the fight into the public sphere.

“A reminder again why it’s important to stop ransomware in Before it has a chance to gain a foothold. Those who pay are statistically more likely to be attacked again – 20% of mid-market businesses end up paying a ransom to hackers, with an average payment of £144,000. Dealing with ransomware comes down to Limit reputational and financial damage from violations while carefully considering the ethical and legal implications of payment requests.

“As ransomware attacks become more sophisticated, the ability to respond quickly and accurately is imperative. Organizations need to close any gaps in their security posture so that cyber defenses can work together at lightning speed to stop ransomware and stop cybercriminals from any chance of extortion. ”

Klopp revival Despite a major setback last year after Ukrainian authorities took down multiple members of the gang, Clop – which follows a spate of attacks in spring 2021 following supply chain attacks on Acellion’s legacy FTA file transfer platform – Clop Gangs continue to operate.

In fact, according to Trend Micro in 2022 Earlier data released that Clop detection remained high after being removed, while recent NCC research suggests the gang saw a return to form in the spring, with its named victims increasing from 1 in March to 21 in April name, making it one of the most active victims with 5 threat actors during this period.

Its most targeted sector now appears to be industrial groups – South Staffs is arguably one such group – accounting for almost half of the victims, although the gang is also keen to harm tech companies Interest.

“The increase in Clop activity seems to indicate that they have returned to Threat landscape,” said Matt Hull, NCC Global Head for Strategic Threat Intelligence. “Organizations within Clop’s most targeted industries—especially the industrial and technology sectors—should consider the threat posed by this ransomware group, and be prepared. ”

Read more about data breach incident management and recovery

How to Improve Network Attack Detection Using Social Media

go through: Isabella Harford